Add strategic waits to ensure operations are created and flushed in the
correct sequence:
- 50ms wait after DELETE to ensure operation is created
- 500ms wait after UPDATE to ensure operation is flushed before sync
This ensures UPDATE has a later timestamp than DELETE, allowing LWW
conflict resolution to correctly recreate the updated task.
Verified with 15 consecutive successful test runs.
Add a trust badge displaying EU flag stars and "Data hosted in EU" text to the SuperSync server login/register page. The badge uses official EU flag colors (blue #039 and gold #fc0) with the circle of 12 stars from public domain SVG.
Internal compliance documentation has been moved to a private location.
These documents contain sensitive operational procedures and security
analysis that should not be public.
Files moved:
- GDPR compliance analysis
- Incident response playbooks
- Data subject request procedures
- DPIA screening decisions
- Records of processing activities
- Infrastructure verification documents
Increases max-height of mat-mdc-dialog-content from default to 90vh on
mobile viewports (≤599px) to better utilize available screen space and
reduce unnecessary scrolling in dialogs like the schedule task dialog.
Update incident response, data subject request, and DPIA procedures to
accurately reflect that database encryption at rest is NOT implemented
for non-E2EE users.
Changes:
- INCIDENT-RESPONSE-PLAYBOOK.md: Clarify E2EE is optional throughout,
add physical server compromise scenarios, update risk assessments to
differentiate E2EE vs non-E2EE users, document encryption gap in
prevention measures
- DATA-SUBJECT-REQUEST-PROCEDURES.md: Add encryption status disclosure
to access responses, clarify data export formats, add security notice
about unencrypted storage for non-E2EE users
- DPIA-SCREENING-DECISION.md: Document encryption gap as additional
consideration, update risk level to LOW-MEDIUM, add encryption gap
to conclusion and re-assessment triggers
All procedures now consistently acknowledge 85% compliance score and
risk variance based on E2EE usage, while maintaining that DPIA is not
required per Art. 35.
Update GDPR compliance documentation to accurately reflect that database
encryption at rest is NOT implemented for non-E2EE users. This critical
finding required:
- Update compliance score from 92% to 85% (10% deduction for encryption gap)
- Add comprehensive encryption disclosure to privacy policies (German & English)
- Document risk: unencrypted PostgreSQL data on disk
- Update GDPR analysis with compensating controls (optional E2EE)
- Revise Records of Processing Activities with encryption status
- Add context to Alfahosting verification tracker
Changes prioritize GDPR transparency by honestly documenting security
limitations rather than overstating compliance.
- Fix tag assignment by waiting for tag to appear on task after assignment
- Fix project/tag dialog forms by adding initialization delay (300ms)
- Fix issue provider panel by handling auto-closing dialogs
- Replace arbitrary timeouts with proper element visibility checks
All 4 previously failing tests now pass consistently:
- menu-touch-submenu: tag toggling via submenu
- context-switching: project navigation and TODAY tag switching
- issue-provider-panel: dialog opening without errors
Test results: 191 passed, 0 failed (previously 4 failed)
Create schedule.constants.ts and schedule-constants.scss with named
constants for viewport thresholds, breakpoints, column widths, and
scrollbar dimensions. Update components to use constants for better
maintainability and documentation.
Add integration test verifying that when a remote DELETE is applied first
but a local UPDATE wins LWW conflict resolution, the entity can be
extracted from the DELETE payload and the UPDATE applied on top of it.
- Add active state CSS reusing magic side nav theme variables
- Switch to routerLinkActive directive for declarative route matching
- Remove manual currentRoute signal tracking
There is no reason to run certain checks on simple documentation
updates. These Actions showed up during the initial v0.1 PR and added
noise to the PR process.
Add automated preview deployments for pull requests using Cloudflare Pages.
Each PR gets a unique preview URL that updates on every push.
Requires configuring these repository secrets:
- CLOUDFLARE_API_TOKEN
- CLOUDFLARE_ACCOUNT_ID
The font budget was set to 260KB before the Material Icons to Material
Symbols upgrade. Material Symbols font is ~456KB, causing Lighthouse CI
to fail. Increase budget to 520KB to accommodate the larger font with
headroom for future updates.
When a remote DELETE is applied before LWW resolution and the local UPDATE
wins (newer timestamp), extract the entity from the DELETE operation payload
to recreate it, preventing data loss from the race condition.
- Created calendar.svg icon for ICAL issue provider
- Registered calendar icon in global theme service
- Updated ISSUE_PROVIDER_ICON_MAP to use 'calendar' instead of 'calendar_month'
- Fixes error: "Unable to find icon with the name :calendar_month"
WebDAV and SuperSync E2E tests require dedicated server infrastructure
and should only run in the scheduled E2E workflow or manually. This
prevents build failures when the required servers are not available.
- Added @webdav tag to all WebDAV test files for consistent filtering
- Updated build.yml to exclude @webdav and @supersync tagged tests
Prevents the task close button from appearing on mobile screens (≤600px) where task details are shown in the bottom panel, improving UX by avoiding redundant UI elements.
